feature/code-absence; fix missing filename #54

Merged
merged 2 commits into from
Jan 4, 2025


LvMalware
Contributor

This pull request adds the following changes:

@htrgouvea htrgouvea changed the base branch from main to develop November 12, 2024 13:56
@D3vil0p3r

@htrgouvea can you review this PR too?

I'm getting the same issue when it finds more vulns on the same file:

[vuln] - FILE:/usr/lib/modules/6.6.61-1-lts/build/scripts/checkpatch.pl 	Potential: Path Traversal. 	Dangerous function on line: 1260:3 	Data point possibility controlled: 1255:5
Use of uninitialized value $file in concatenation (.) or string at ./zarn.pl line 75.
[vuln] - FILE: 	Potential: Path Traversal. 	Dangerous function on line: 1263:3 	Data point possibility controlled: 1255:5
Use of uninitialized value $file in concatenation (.) or string at ./zarn.pl line 75.
[vuln] - FILE: 	Potential: Path Traversal. 	Dangerous function on line: 1266:3 	Data point possibility controlled: 1255:5
Use of uninitialized value $file in concatenation (.) or string at ./zarn.pl line 75.
[vuln] - FILE: 	Potential: Path Traversal. 	Dangerous function on line: 1268:3 	Data point possibility controlled: 1255:5
Use of uninitialized value $file in concatenation (.) or string at ./zarn.pl line 75.
[vuln] - FILE: 	Potential: Path Traversal. 	Dangerous function on line: 2464:5 	Data point possibility controlled: 216:6
Use of uninitialized value $file in concatenation (.) or string at ./zarn.pl line 75.
[vuln] - FILE: 	Potential: Path Traversal. 	Dangerous function on line: 3695:14 	Data point possibility controlled: 3693:7
Use of uninitialized value $file in concatenation (.) or string at ./zarn.pl line 75.
[vuln] - FILE: 	Potential: Path Traversal. 	Dangerous function on line: 6946:3 	Data point possibility controlled: 3397:8

So, FILE: remains empty, and it can lead to misunderstanding for whoever is analyzing the output. Thanks

@htrgouvea htrgouvea merged commit 76767b1 into htrgouvea:develop Jan 4, 2025
2 of 3 checks passed
htrgouvea added a commit that referenced this pull request Jan 4, 2025
* return feature to remove blank lines and comments

* add samples to perform tests

* pushing some tools to help during debug tasks

* skip false positives - draft function

* improve taint analysis function

* drafting new rules

* update sarif output with new variables

* apply design pattern practices to a better code comprehension

* remove Data::Dumper

* fixed sarif

* remove unnecessary variables

* remove old file

* remove samples

* create some unit tests

* update rules on linter

* resolv linter warnings

* resolv linter warnings

* new module

* remove tools/

* tdy

* update perltidyrc

* new line

* deleted tests/Sarif.t

* remove blank lines

* checking if the name of file that does exists

* fix(Source-to-Sink): handle empty token list in PPI find method (#55)

* fix(Source-to-Sink): handle empty token list in PPI find method

- prevent runtime error when no tokens are found by using an empty array reference as a fallback

* update security-gate.yml

* update the license year

* feature/code-absence; fix missing filename (#54)

Co-authored-by: H. Gouvêa <[email protected]>

* draft rules

* refact the usage of map to for

* update the type of each rule

* update the documentation

* remove blank line

* remove blank line

* fix code style

---------

Co-authored-by: Heitor <[email protected]>
Co-authored-by: priv <[email protected]>
Co-authored-by: Lucas V. Araujo <[email protected]>
@htrgouvea
Owner

thanks @LvMalware
